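# Minimal configuration that vagrant depends on
#
# NixOS module for a Vagrant guest: enables sshd, installs the tools Vagrant
# provisioners call, creates the `vagrant` user with the credentials Vagrant
# expects, and installs the well-known Vagrant "insecure" public key once,
# on first boot, so that Vagrant can log in and replace it.

{ config, pkgs, ... }:
let
  # Vagrant uses an insecure shared private key by default, but we
  # don't use the authorizedKeys attribute under users because it should be
  # removed on first boot and replaced with a random one. This script sets
  # the correct permissions and installs the temporary key if no
  # ~/.ssh/authorized_keys exists.
  #
  # Because the key is only written when no authorized_keys file exists, a
  # key that Vagrant (or an administrator) has already substituted is never
  # clobbered on a later boot.
  install-vagrant-ssh-key = pkgs.writeScriptBin "install-vagrant-ssh-key" ''
    #!${pkgs.runtimeShell}
    # Stop at the first failing command so a failed mkdir is not followed by
    # writing the key somewhere unexpected.
    set -eu
    if [ ! -e ~/.ssh/authorized_keys ]; then
      mkdir -m 0700 -p ~/.ssh
      install -m 0600 <(echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key") ~/.ssh/authorized_keys
    fi
  '';
in
{
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;

  # Packages used by Vagrant
  environment.systemPackages = with pkgs; [
    findutils
    iputils
    nettools
    netcat
    nfs-utils
    rsync
  ];

  # `users.extraUsers` is the legacy alias of `users.users`; use the canonical
  # option name. The fixed uid, the well-known password and membership in
  # `wheel` (passwordless sudo below) are what Vagrant provisioning expects
  # from a guest account.
  users.users.vagrant = {
    isNormalUser = true;
    createHome = true;
    description = "Vagrant user account";
    extraGroups = [
      "users"
      "wheel"
    ];
    home = "/home/vagrant";
    password = "vagrant";
    useDefaultShell = true;
    uid = 1000;
  };

  systemd.services.install-vagrant-ssh-key = {
    description = "Vagrant SSH key install (if needed)";
    # The script writes into /home/vagrant, so order it after local
    # filesystems are mounted. (`fs.target` is not a systemd target, so the
    # previous ordering on it had no effect.)
    after = [ "local-fs.target" ];
    wants = [ "local-fs.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      ExecStart = "${install-vagrant-ssh-key}/bin/install-vagrant-ssh-key";
      # Run as the target user so the key lands in that user's own ~/.ssh
      # with the user as owner, rather than as root.
      User = "vagrant";
      # So it won't be (needlessly) restarted:
      RemainAfterExit = true;
    };
  };

  # Both sudo implementations are configured so the setting holds whichever
  # one the image selects.
  security.sudo.wheelNeedsPassword = false;
  security.sudo-rs.wheelNeedsPassword = false;
}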